DETAILED ACTION

1. This action is in reply to applicant's correspondence of 31 March 2005.

2. Claims 1,2,4-7,9-12,14-16,18-21,23-26,28-30,32-35,37-40,42 are pending for 
examination. 

3. Claims 1,2,4-7,9-12,14-16,18-21,23-26,28-30,32-35,37-40,42 remain rejected. 



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on
sale in this country, more than one year prior to the date of application for patent in the United States. 

4. Claims 1,2,4-7,9-12,14-16,18-21,23-26,28-30,32-35,37-40,42 are rejected under 35 
U.S.C. 102(b) as being anticipated by Raanan et al, U.S. Patent 6,311,278 B1.

5. As per claim 1; "A method of accessing devices on a private network via a client on a
public network, the method comprising the following steps performed by a gateway on the 
private network [ABSTRACT, figure 1-2 and accompanying descriptions]: 

accepting a user log-in request from the client prior to ascertaining rights of the user,
wherein the user log-in request includes an identification of the user, and
wherein the user log-in request has a predetermined life span [i.e., col. 2,lines 39-col. 3,line 23, col. 3,lines 53-
col. 5,lines 28, whereas '...the identifying of the client/server/particular
application and/or the particular session . . . ' such that session aspects (i.e., the
specifications thereof and associated setup/timeout, etc.,), clearly encompasses the
' . . .user log-in request . . . ascertaining rights of the user . . . user log-in request has
a predetermined life span . . . ' elements of the claim language, insofar as the
session components of the ' . . .protocol extraction . . . ' aspects relate to timing
(i.e., predetermined) aspects of authorization and authentication, as broadly
interpreted by the examiner.];

ascertaining rights of a user to access one or more devices on the private network;

receiving a request from the client to access a Web server of a device on the private network,
wherein the web server has an address that is valid on the private network but
is not valid on the public network [col. 1, lines 30-col. 10,line 18,
whereas the use of a firewall/gateway network interface node clearly
encompasses the aspect of the address translation between the 2 networks
for the low level (i.e., physical layer NIC signature) addressing, such that
the address spaces would be unique between the client (NIC) on the public
network and the server (NIC) on the private network.];

redirecting the received client request to the Web server of the device on the private network
[i.e., col. 2,lines 49-59, col. 3,lines 65-col. 5,line 9, col. 5,lines 29-60];

scrubbing a Web page served by the Web server in response to the received client request, comprising
replacing an address in the Web page that is not valid on the public network with
an address that is valid on the public network [i.e., col. 2,lines 49-59, col. 3,lines 65-col. 5,line 9,
col. 6,lines 1-28, col. 7,lines 45-col. 8,line 7]; and

serving the scrubbed Web page to the client [i.e., col. 2,lines 49-59, col. 3, lines 65-col. 5, line 9].

Further, as per claim 15; "A gateway system [This claim is the system mean plus function 
claim for the method claim 1 above, and is rejected for the same reasons provided for the claim 1 
rejection] that permits access to devices on a private network via a client on a public network,
comprising: means for accepting a user log-in request from the client prior to ascertaining rights
of the user, wherein the user log-in request includes an identification of the user, and wherein the 
user log-in request has a predetermined life span; means for receiving a request from the client to 
access a Web server of a device on the private network, wherein the Web server has an address 
that is valid on the private network but is not valid on the public network; means for redirecting 
the received client request to the Web server; means for scrubbing a Web page served by the
Web server in response to the received client request, comprising means for replacing an address
in the Web page that is not valid on the public network with an address that is valid on the public
network; and means for serving the scrubbed Web page to the client.". 

Further, as per claim 29; "A computer program product [This claim is the embodied 
software claim for the method claim 1 above, and is rejected for the same reasons provided for
the claim 1 rejection] that permits access to devices on a private network via a client on a public 
network, the computer program product comprising a computer usable storage medium having 
computer readable program code embodied in the medium, the computer readable program code 
comprising: computer readable program code that accepts a user log-in request from the client, 
wherein the user log-in request comprises an identification of the user, and wherein the user log- 
in request has a predetermined life span; computer readable program code that receives a request 
from the client to access a Web server of a device on the private network, wherein the Web 
server has an address that is valid on the private network but is not valid on the public network; 
computer readable program code that redirects the received client request to the Web server; 
computer readable program code that scrubs a Web page served by the Web server in response to
the received client request, comprising computer readable program code that replaces an address
in the Web page that is not valid on the public network with an address that is valid on the public 
network; and computer readable program code that serves the scrubbed Web page to the client.". 

6. Claim 2 additionally recites the limitation that; "The method according to Claim 1, 
further comprising the following steps performed by the gateway after ascertaining rights of a 
user to access one or more devices and prior to receiving a request from the client to access a
Web server of the device: 

serving a Web page to the client that identifies each device on the private network for 
which the user has access rights, 

wherein the Web page includes a link to a Web server of each device on the
private network for which the user has access rights.".
The teachings of Raanan et al suggest such limitations (col. 1, lines 30-col. 10,line 18, whereas 
the use of a firewall/gateway to determine authorized and allowable actions by the client (i.e., 
col. 2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col. 7,lines 19-25), are broadly
interpreted to encompass the "ascertaining rights of a user to access one or more devices on the
private network" limitation, and the extraction/robot module translation of addressing (i.e., URL,
IP level addressing) protocol information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col.
6,line 59, col. 7,lines 5-8, col. 8,lines 64-col. 9,line 18) are broadly interpreted to encompass the
". . . includes a link to a Web server of each device on the private network for which the user
has access rights" limitation.).

Further, claim 16 additionally recites the limitation that; "The gateway system [This
claim is the system mean plus function claim for the method claim 2 above, and is rejected for 
the same reasons provided for the claim 2 rejection] according to Claim 15, further comprising: 
means for ascertaining rights of a user to access one or more devices on the private network; and 
means for serving a Web page to the client that identifies each device on the private network for
which the user has access rights, wherein the Web page includes a link to a Web server of each
device on the private network for which the user has access rights.".

Further, claim 30 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 2 above, and is rejected for the 
same reasons provided for the claim 2 rejection] according to claim 29, further comprising: 
computer readable program code that ascertains rights of a user to access one or more devices on 
the private network; and computer readable program code that serves a Web page to the client 
that identifies each device on the private network for which the user has access rights, wherein 
the Web page includes a link to a Web server of each device on the private network for which 
the user has access rights.". 

7. Claim 4 additionally recites the limitation that; "The method according to Claim 2, 
wherein each link to a Web server includes

a uniform resource Locator (URL) for the gateway that is valid on the public 
network and 

an identification of a gateway port that is mapped to a respective Web server, and
wherein each link is configured to send a request to a respective Web server via
the gateway at an identified gateway port.".

The teachings of Raanan et al suggest such limitations (col. 1, lines 30-col. 10,line 18, whereas
the use of an extraction/robot module translation of addressing (i.e., URL, IP level addressing)
protocol information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines
5-8, col. 8,lines 64-col. 9,line 18) are broadly interpreted to encompass the ". . . (URL) for the
gateway . . . valid on the public network . . . identification . . . port . . . mapped to a respective Web
server, . . . link is . . . to send a request to a . . . Web server via the gateway at an identified
gateway port" limitation, whereas the use of the Internet Web protocol data structures clearly
encompasses port addressing (i.e., that's how applications are delineated from each other from an
Internet network element perspective).).

Further, claim 18 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 4 above, and is rejected for 
the same reasons provided for the claim 4 rejection] according to Claim 16, wherein each link to 
a Web server includes a uniform resource locator (URL) for the gateway system that is valid on 
the public network and an identification of a gateway system port that is mapped to a respective 
Web server, and wherein each link is configured to send a request to a respective Web server via 
the gateway system at an identified gateway system port.".

Further, claim 32 additionally recites the limitation that; "The computer program product
[This claim is the embodied software claim for the method claim 4 above, and is rejected for the
same reasons provided for the claim 4 rejection] according to Claim 30, wherein each link to a
Web server includes a uniform resource locator (URL) for a gateway on the private network that 
is valid on the public network and an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway at an identified gateway port.". 

8. Claim 5 additionally recites the limitation that; "The method according to Claim 1, 
wherein the scrubbing step comprises 
replacing 

an address in the Web page that is valid only on the private network with a 
URL for the gateway that is valid on the public network and 

an identification of a gateway port that is mapped to the replaced 
address.". 

The teachings of Raanan et al suggest such limitations (col. 1,lines 30-col. 10,line 18, whereas
the use of an extraction/robot module translation of addressing (i.e., URL, IP level addressing)
protocol information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines
5-8, col. 8,lines 64-col. 9,line 18) are broadly interpreted to encompass the "replacing an address
. . . Web page . . . valid . . . with a URL for the gateway . . . valid . . . and an identification of a . . .
port that is mapped to the replaced address." limitation, whereas the use of the Internet Web
protocol data structures clearly encompasses port addressing (i.e., that's how applications are
delineated from each other from an Internet network element perspective).).

Further, claim 19 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 5 above, and is rejected for 
the same reasons provided for the claim 5 rejection] according to Claim 15, wherein the means 
for scrubbing a Web page comprises means for replacing an address in the Web page that is valid 
only on the private network with a URL for the gateway system that is valid on the public 
network and an identification of a gateway system port that is mapped to the replaced address.".

Further, claim 33 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 5 above, and is rejected for the 
same reasons provided for the claim 5 rejection] according to Claim 29, wherein the computer 
readable program code that scrubs a Web page comprises computer readable program code that 
replaces an address in the Web page that is valid only on the private network with a URL for a 
gateway on the private network that is valid on the public network and an identification of a 
gateway port that is mapped to the replaced address.". 

9. Claim 6 additionally recites the limitation that; "The method according to Claim 2, 
wherein the step of serving a Web page to the client comprises: 

scanning a range of private network addresses to identify Web servers listening on 
one or more selected ports;

mapping each identified Web server to a respective gateway port; and

creating a Web page that contains a respective link to each gateway port for each
device for which the user has access rights.".
The teachings of Raanan et al suggest such limitations (col. 1,lines 30-col. 10,line 18, whereas
the use of a firewall/gateway to determine authorized and allowable actions by the client (i.e.,
col. 2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col. 7,lines 19-25), are broadly
interpreted to encompass the "mapping ... to a respective gateway port; . . . creating a Web page
. . . link to each gateway port . . . device for which the user has access rights" limitation, and the
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol
information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines 5-8, col.
8,lines 64-col. 9,line 18) are broadly interpreted to encompass the "scanning a range of private
network addresses to identify Web servers listening on one or more selected ports" limitation.).

Further, claim 20 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 6 above, and is rejected for 
the same reasons provided for the claim 6 rejection] according to Claim 16, wherein the means 
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
each identified Web server to a respective gateway system port; and means for creating a Web 
page that contains a respective link to each gateway system port for each device for which the
user has access rights.".

Further, claim 34 additionally recites the limitation that; "The computer program product
[This claim is the embodied software claim for the method claim 6 above, and is rejected for the 
same reasons provided for the claim 6 rejection] according to Claim 30, wherein the computer 
readable program code that serves a Web page to the client comprises: computer readable 
program code that scans a range of private network addresses to identify Web servers listening 
on one or more selected ports; computer readable program code that maps each identified Web 
server to a respective port of a gateway on the private network; and computer readable
program code that creates a Web page that contains a respective link to each gateway port for 
each device for which the user has access rights.". 

10. As per claim 7; "A method of accessing devices on a private network via a client on a 
public network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the method comprising the following 
steps performed by a gateway on the private network: 

accepting a user log-in request from the client prior to ascertaining rights of the user, 
wherein the user log-in request includes an identification of the user, and wherein the user log-in 
request has a predetermined life span;

ascertaining rights of a user to access one or more devices on the private network; 

serving a Web page to the client that identifies each device on the private network for 
which the user has access rights, wherein the Web page includes a link to a Web server of each 
device on the private network for which the user has access rights;

receiving a request from the client to access a Web server of a device on the private
network in response to user activation of a link on the Web page; 

redirecting the received client request to the Web server; scrubbing a Web page served by 
the Web server in response to the received client request, comprising removing links to Web 
servers of devices for which the user does not have access rights; and 

serving the scrubbed Web page to the client [This claim is the combination of claims 1,2 
above, and is rejected for the same reasons provided for the claims 1,2 rejection].".

Further, as per claim 21; "A gateway system [This claim is the system mean plus function 
claim for the method claim 7 above, and is rejected for the same reasons provided for the claim 7 
rejection] that permits access to devices on a private network via a client on a public network, 
wherein each device includes a Web server having an address that is valid on the private 
network, but is not valid on the public network, wherein the gateway system comprises: means 
for accepting a user log-in request from the client prior to ascertaining rights of the user, wherein 
the user log-in request includes an identification of the user, and wherein the user log-in request 
has a predetermined life span; means for ascertaining rights of a user to access one or more 
devices on the private network; means for serving a Web page to the client that identifies each
device on the private network for which the user has access rights, wherein the Web page
includes a link to a Web server of each device on the private network for which the user has 
access rights; means for receiving a request from the client to access a Web server of a device on 
the private network in response to user activation of a link on the Web page; means for 
redirecting the received client request to the Web server; means for scrubbing a Web page served
by the Web server in response to the received client request, comprising means for removing
links to Web servers of devices for which the user does not have access rights; and means for
serving the scrubbed Web page to the client.".

Further, as per claim 35; "A computer program product [This claim is the embodied 
software claim for the method claim 7 above, and is rejected for the same reasons provided for 
the claim 7 rejection] that permits access to devices on a private network via a client on a public 
network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the computer program product 
comprising a computer usable storage medium having computer readable program code 
embodied in the medium, the computer readable program code comprising: computer readable 
program code that accepts a user log-in request from the client, wherein the user log-in request 
comprises an identification of the user, and wherein the user log-in request has a predetermined 
life span; computer readable program code that ascertains rights of a user to access one or more 
devices on the private network; computer readable program code that serves a Web page to the 
client that identifies each device on the private network for which the user has access rights, 
wherein the Web page includes a link to a Web server of each device on the private network for 
which the user has access rights; computer readable program code that receives a request from 
the client to access a Web server of a device on the private network in response to user activation 
of a link on the Web page; computer readable program code that redirects the received client 
request to the Web server; computer readable program code that scrubs a Web page served by 
the Web server in response to the received client request, comprising computer readable program
code that removes links to Web servers of devices for which the user does not have access rights;
and computer readable program code that serves the scrubbed Web page to the client.". 

11. Claim 9 additionally recites the limitation that; "The method according to Claim 7,
wherein the scrubbing step further comprises
replacing an address in the Web page that is not valid on the public network with
an address that is valid on the public network.".
The teachings of Raanan et al suggest such limitations (col. 1,lines 30-col. 10,line 18, whereas
the use of an extraction/robot module translation of addressing (i.e., URL, IP level addressing)
protocol information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines
5-8, col. 8,lines 64-col. 9,line 18) are broadly interpreted to encompass the "replacing an address
. . . Web page . . . valid . . . with an address . . . valid ..." limitation.).

Further, claim 23 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 9 above, and is rejected for 
the same reasons provided for the claim 9 rejection] according to Claim 21, wherein the means 
for scrubbing a Web page further comprises means for replacing an address in the Web page that 
is not valid on the public network with an address that is valid on the public network.". 

Further, claim 37 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 9 above, and is rejected for the
same reasons provided for the claim 9 rejection] according to claim 35, wherein the computer
readable program code that scrubs a Web page further comprises computer readable program
code that replaces an address in the Web page that is not valid on the public network with an
address that is valid on the public network.".

12. Claim 10 additionally recites the limitation that; "The method according to Claim 7, 
wherein each link to a Web server includes 

a uniform resource locator (URL) for the gateway that is valid on the public 
network and 

an identification of a gateway port that is mapped to a respective Web server, and 
wherein each link is configured to send a request to a respective Web server via
the gateway at an identified gateway port.".
The teachings of Raanan et al suggest such limitations (col. 1, lines 30-col. 10,line 18, whereas
the use of an extraction/robot module translation of addressing (i.e., URL, IP level addressing)
protocol information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines
5-8, col. 8,lines 64-col. 9,line 18) are broadly interpreted to encompass the "... (URL) for the
gateway . . . valid on the public network . . . identification . . . port . . . mapped to a respective Web
server, . . . link is . . . to send a request to a . . . Web server via the gateway at an identified
gateway port" limitation, whereas the use of the Internet Web protocol data structures clearly
encompasses port addressing (i.e., that's how applications are delineated from each other from an
Internet network element perspective).).

Further, claim 24 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 10 above, and is rejected for 
the same reasons provided for the claim 10 rejection] according to Claim 21, wherein each link 
to a Web server includes a uniform resource locator (URL) for the gateway system that is valid 
on the public network and an identification of a gateway system port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway system at an identified gateway system port.". 

Further, claim 38 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 10 above, and is rejected for the 
same reasons provided for the claim 10 rejection] according to Claim 35, wherein each link to a 
Web server includes a uniform resource locator (URL) for a gateway on the private network that 
is valid on a public network and an identification of a gateway port that is mapped to a
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway at an identified gateway port.". 

13. Claim 11 additionally recites the limitation that; "The method according to Claim 7,
wherein the step of serving a Web page to the client comprises:

scanning a range of private network addresses to identify Web servers listening on one or more selected ports;

mapping each identified Web server to a respective gateway port; and

creating a Web page that contains a respective link to each gateway port for
each device for which the user has access rights.".
The teachings of Raanan et al suggest such limitations (col. 1,lines 30-col. 10,line 18, whereas
the use of a firewall/gateway to determine authorized and allowable actions by the client (i.e.,
col. 2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col. 7,lines 19-25), are broadly
interpreted to encompass the "mapping ... to a respective gateway port; . . . creating a Web page
. . . link to each gateway port . . . device for which the user has access rights" limitation, and the
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol
information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines 5-8, col.
8,lines 64-col. 9,line 18) are broadly interpreted to encompass the "scanning a range of private
network addresses to identify Web servers listening on one or more selected ports" limitation.).

Further, claim 25 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 11 above, and is rejected for
the same reasons provided for the claim 11 rejection] according to Claim 21, wherein the means
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
each identified Web server to a respective gateway system port; and means for creating a Web 
page that contains a respective link to each gateway system port for each device for which the 
user has access rights.". 

Further, claim 39 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 11 above, and is rejected for the
same reasons provided for the claim 11 rejection] according to Claim 35 wherein the computer
readable program code that serves a Web page to the client comprises: computer readable 
program code that scans a range of private network addresses to identify Web servers listening 
on one or more selected ports; computer readable program code that maps each identified Web 
server to a respective port of a gateway on the private network; and computer readable program 
code that creates a Web page that contains a respective link to each gateway port for each device 
for which the user has access rights.". 

14. As per claim 12; "A method of accessing devices on a private network via a client on a 
public network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the method comprising the following 
steps performed by a gateway on the private network: 

accepting a user log-in request from the client prior to ascertaining rights of the user
wherein the user log-in request includes an identification of the user, and
wherein the user log-in request has a predetermined life span [i.e., col. 2,lines 39-
col. 3,line 23, col. 3,lines 53-col. 5,lines 28, whereas '...the identifying of the
client/server/particular application and/or the particular session . . . ' such that session
aspects (i.e., the specifications thereof and associated setup/timeout, etc.,), clearly
encompasses the ' . . .user log-in request . . . ascertaining rights of the user . . . user log-in
request has a predetermined life span . . . ' elements of the claim language, insofar as the
session components of the ' . . . protocol extraction . . . ' aspects relate to timing (i.e.,
predetermined) aspects of authorization and authentication, as broadly interpreted by the
examiner.];

ascertaining rights of a user to access one or more devices on the private network;
serving a Web page to the client that identifies each device on the private network for 
which the user has access rights, 

wherein the Web page includes a link to a Web server of each device on the 
private network for which the user has access rights, 

wherein each link to a Web server includes a uniform resource locator (URL) for 
the gateway that is valid on the public network and an identification of a gateway port 
that is mapped to a respective Web server, and 

wherein each link is configured to send a request to a respective Web server via 
the gateway at an identified gateway port; 

receiving a request from the client to access a Web server of a device on the private
network in response to user activation of a link on the Web page;

redirecting the received client request to the Web server;

scrubbing a Web page served by the Web server in response to the received client 
request, comprising: 

removing links to Web servers of devices for which the user does not have access 
rights; and 

replacing an address in the Web page that is not valid on the public network with 
an address that is valid on the public network; and serving the scrubbed Web page to the 
client [This claim is the combination of claims 1,2,4 above, and is rejected for the same 
reasons provided for the claims 1,2,4 rejection].". 

Further, as per claim 26; "A gateway system [This claim is the system means plus function 
claim for the method claim 12 above, and is rejected for the same reasons provided for the claim 
12 rejection] that permits access to devices on a private network via a client on a public network, 
wherein each device includes a Web server having an address that is valid on the private 
network, but is not valid on the public network, wherein the gateway system comprises: means 
for accepting a user log-in request from the client prior to ascertaining rights of the user, wherein 
the user log-in request includes an identification of the user, and wherein the user log-in request 
has a predetermined life span; means for ascertaining rights of a user to access one or more 
devices on the private network; means for serving a Web page to the client that identifies each 
device on the private network for which the user has access rights, wherein the Web page 
includes a link to a Web server of each device on the private network for which the user has 
access rights, wherein each link to a Web server includes a uniform resource locator (URL) for 
the gateway system that is valid on the public network and an identification of a gateway system 
port that is mapped to a respective Web server, and wherein each link is configured to send a 
request to a respective Web server via the gateway system at an identified gateway system port; 
means for receiving a request from the client to access a Web server of a device on the private 
network in response to user activation of a link on the Web page; means for redirecting the 
received client request to the Web server; and means for scrubbing a Web page served by the 
Web server in response to the received client request, comprising: means for removing links to 
Web servers of devices for which the user does not have access rights; means for replacing an 
address in the Web page that is not valid on the public network with an address that is valid on 
the public network; and means for serving the scrubbed Web page to the client. 

Further, as per claim 40; "A computer program product [This claim is the embodied 
software claim for the method claim 12 above, and is rejected for the same reasons provided for 
the claim 12 rejection] that permits access to devices on a private network via a client on a public 
network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the computer program product 
comprising a computer usable storage medium having computer readable program code 
embodied in the medium, the computer readable program code comprising: computer readable 
program code that accepts a user log-in request from the client, wherein the user log-in request 
comprises an identification of the user, and wherein the user log-in request has a predetermined 
life span; computer readable program code that ascertains rights of a user to access one or more 
devices on the private network; computer readable program code that serves a Web page to the 
client that identifies each device on the private network for which the user has access rights, 
wherein the Web page includes a link to a Web server of each device on the private network for 
which the user has access rights, wherein each link to a Web server includes a uniform resource 
locator (URL) for a gateway on the private network that is valid on the public network and an 
identification of a gateway port that is mapped to a respective Web server, and wherein each link 
is configured to send a request to a respective Web server via the gateway system at an 
identified gateway port; computer readable program code that receives a request from the client 
to access a Web server of a device on the private network in response to user activation of a link 
on the Web page; computer readable program code that redirects the received client request to the 
Web server; computer readable program code that scrubs a Web page served by the Web server 
in response to the received client request, comprising: computer readable program code that 
removes links to Web servers of devices for which the user does not have access rights; and 
computer readable program code that replaces an address in the Web page that is not valid on the 
public network with an address that is valid on the public network; and computer readable 
program code that serves the scrubbed Web page to the client. 

15. Claim 14 additionally recites the limitation that; "The method according to Claim 12, 
wherein the step of serving a Web page to the client comprises: 

scanning a range of private network addresses to identify Web servers listening on 
one or more selected ports; 

mapping each identified Web server to a respective gateway port; and 
creating a Web page that contains a respective link to each gateway port for each 
device for which the user has access rights.". 
The teachings of Raanan et al suggest such limitations (col. 1, lines 30-col. 10, line 18, whereas 
the use of a firewall/gateway to determine authorized and allowable actions by the client (i.e., 
col. 2, lines 39-col. 3, line 23, col. 4, lines 65-col. 5, line 29, 61-67, col. 7, lines 19-25), are broadly 
interpreted to encompass the "mapping ... to a respective gateway port; ... creating a Web page 
... link to each gateway port ... device for which the user has access rights" limitation, and the 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3, lines 53-col. 4, line 33, col. 5, lines 60-col. 6, line 59, col. 7, lines 5-8, col. 
8, lines 64-col. 9, line 18) are broadly interpreted to encompass the "scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports" limitation.). 

Further, claim 28 additionally recites the limitation that; "The gateway system [This 
claim is the system means plus function claim for the method claim 14 above, and is rejected for 
the same reasons provided for the claim 14 rejection] according to Claim 26, wherein the means 
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
each identified Web server to a respective gateway system port; and means for creating a Web 
page that contains a respective link to each gateway system port for each device for which the 
user has access rights.". 
Further, claim 42 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 14 above, and is rejected for the 
same reasons provided for the claim 14 rejection] according to Claim 40, wherein the computer 
readable program code that serves a Web page to the client comprises: computer readable 
program code that scans a range of private network addresses to identify Web servers listening on 
one or more selected ports; computer readable program code that maps each identified Web 
server to a respective gateway port; and computer readable program code that creates a Web 
page that contains a respective link to each gateway port for each device for which the user has 
access rights.". 

Response to Amendment 

16. As per applicant's argument concerning the lack of teaching by Raanan et al of "... user 
log-in request has a predetermined life span ...", the examiner has fully considered, in this 
response to amendment, the arguments, and finds them not to be persuasive. The Raanan et al 
teaching of a session orientation of the protocol extraction module is recited, at the very least in 
the context of a limiting of the "life span" of the said protocol element(s); itself clearly time 
restricted authorization/authentication per se. Nowhere in the claim language does the recitation 
of a requirement for an explicit claiming of the "predetermined life span" aspect appear; just 
"predetermined life span" per se. Therefore, the Raanan et al session oriented time restricting 
aspects, as being broadly interpreted by the examiner, as per the claim language, would therefore 
be applicable in the rejection, such that the rejection support references collectively encompass 
the said claim limitations in their entirety. 
17. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
Conclusion 



18. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861. The examiner can normally be reached Monday 
through Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 703-872-9306. 